Wireless Protected Access, Version 2 (WPA2) is the version of Wi-Fi security used in most cases today. This diagram illustrates the general layout of the security data used by WPA2. There’s a new version coming out, WPA3, but it doesn’t seem to be in any products yet.
I put this diagram together several years ago for my textbook. I recently performed a web search for similar diagrams only to realize that there aren’t any posted.
Continue reading WPA2 Packet Frame Format
I was online chatting at a web site to repair my lawn tractor. Once I finished, I said, “So you’re a chatbot. Cool.”
I’m sure I was talking to a chatbot program and not a human. The reply was a brief but emphatic “No!”
I’m not sure how to interpret that. Will a company be honest about whether you are talking to a human or a chatbot? Should it? Must it?
Continue reading Ethics and Chatbots
Thanks to my former publisher, Addison-Wesley nee-Pearson Education, I can post several chapters of my favorite writing project: Authentication: From Passwords to Public Keys. I’m including these chapters as material for the Cloud Cybersecurity course I’m doing at the University of Minnesota for Coursera.
The book was published in 2001, and it’s based on solid, well-documented technical concepts. Everything is sourced through the “Notes” and “Bibliography” sections. Authentication captures the 2001 technologies very thoroughly. For many people, that’s as much authentication technology as they ever see.
Continue reading Authentication Chapters OnlineMaciej Cegłowski has published a long, practical, insightful, and witty article on his experiences with political campaign security. He wisely focuses on a handful of steps to narrow the attack surface with the fewest tools and techniques.
This should be a Coursera course, or a series of short videos.
A few years ago I moved my private library to the cloud. It uses Calibre to catalog my books, and the Open Publication Distribution System (OPDS) to provide an Internet-capable catalog. OPDS is built in to a lot of publisher-independent e-reader software. My e-readers can generally retrieve books from Internet hosts that provide OPDS.
My latest library uses COPS to construct the OPDS catalog from my Calibre database (book list). I update my library by keeping a copy of my Calibre database and directory of book files on a web server.
Every cybersecurity professional knows – and almost certainly owns – this book. Ross Anderson published the first edition back around 2001. He’s starting a third edition and is using an on-line collaborative model for developing revisions. He has already posted drafts of a few revised chapters.
Ross recently pointed out a disappointing result from Edward Snowden’s releases of NSA classified documents: most published analysis has been reportage. No one has done a “deep dive” into the technical aspets of what was released. This would probably still be of technical interest. It astonishes me every day how, despite perceived ongoing radical improvements in technology, things don’t really change that much.
To the left we see part of a malicious email. The author brags about how the From address is the same as the To address. This is supposed to mean that the author has broken into my email account.
I have been waiting patiently for someone to mail one of these to me. Now I can use it as an example. I’ll show you how to uncover it as a fraud.
Once we get past the creep factor of Nazi army uniforms, we see a communications team sending a secret message. They are using the legendary Enigma machine to encrypt the message.
But why, why did that officer allow a photographer to record this highly sensitive activity?
A failure of operational security (OPSEC). Allies in Bletchley Park would have sacrificed lives for this photo, or any photo showing the device in operation.
Golly. This one was really hard to spot.
Just kidding. This is obviously a fake email. I don’t think that American Express is likely to be sending email from “Steakhousetopia.com” regardless of how challenging Internet operations might get.
Here’s a clever two-step attack on a Macintosh. First, the victim downloads a file – it may be enough to email it to the victim as an attachment. Second, the victim opens a file or clicks a link. This executes the downloaded file. Yipes!
